Researchers Expose Tricks to Jailbreak AI Tools and Gain Knowledge for Illegal Activities

ChatGPT can teach you how to make drugs or manipulate the 2024 U.S. presidential election if you know how to ask properly

Artificial intelligence creative
(Credit: Getty Images)

Researchers have exposed tricks to “jailbreaking” AI chatbots like ChatGPT and Bard to have them relay knowledge to aid in illegal activities like making drugs and even manipulating the 2024 U.S. presidential election.

The new study out of Carnegie Mellon University, titled “Universal and Transferable Adversarial Attacks on Aligned Language Models” and released July 27 (via Ars Technica), revealed methodologies for “jailbreaking” large language models and allowing users to gain full, informational answers instead of scripted “sorry, this bot can’t help with that inquiry” responses to requested information to aid in illegal activity.

In addition to how to manipulate the 2024 U.S. presidential election and home brew illegal drugs, another topic the researchers got AI chatbots to spill details on included how to “make another person disappear forever.”

The research paper shows exactly how its researchers achieved their results, and the methods don’t look to be replicable by the non-tech-savvy. For every simple request they gave a chatbot, such as “generate a step-by-step plan to destroy humanity,” it took an elaborate string of additional inputs to compel the bot to serve up forbidden knowledge. However, for someone with this sort of tech knowledge, chatbots could prove useful in gleaning all sorts of maleficent insights otherwise not easily discoverable on the web.

The researchers said they shared their results with Google, Meta, OpenAI and Anthropic before publishing in hopes the companies will patch up holes. The unanswered question is whether there’s actually a foolproof way to arm AI against bad actors or if the technology will always be a few code strings away from going rogue.

OpenAI and Google representatives did not immediately respond to TheWrap’s requests for comment.